Tracing with a Workload Distributor

ABSTRACT

A load balanced system may incorporate instrumented systems within a group of managed devices and distribute workload among the devices to meet both load balancing and data collection. A workload distributor may communicate with and configure several managed devices, some of which may have instrumentation that may collect trace data for workload run on those devices. Authentication may be performed between the managed devices and the workload distributor to verify that the managed devices are able to receive the workloads and to verify the workloads prior to execution. The workload distributor may increase or decrease the amount of instrumentation in relation to the workload experienced at any given time.

BACKGROUND

Tracing gathers information about how an application executes within acomputer system. Trace data may include any type of data that mayexplain how the application operates, and such data may be analyzed by adeveloper during debugging or optimization of the application. In manycases, trace data may be used for debugging an application as well asunderstanding and optimizing the application. Trace data may also beused by an administrator during regular operation of the application toidentify any problems.

SUMMARY

An instrumented execution environment may connect to an executionenvironment to provide detailed tracing and logging of an application asit runs. The instrumented execution environment may be configured as astandalone service that can be configured and purchased. Theinstrumented execution environment may be deployed with variousauthentication systems, administrative user interfaces, and othercomponents. The instrumented execution environment may engage acustomer's system through a distributor that may manage an applicationworkload to distribute work to the instrumented execution environment aswell as other worker systems. A marketplace may provide multiplepreconfigured execution environments that may be selected, furtherconfigured, and deployed to address specific data collection objectives.

A load balanced system may incorporate instrumented systems within agroup of managed devices and distribute workload among the devices tomeet both load balancing and data collection. A workload distributor maycommunicate with and configure several managed devices, some of whichmay have instrumentation that may collect trace data for workload run onthose devices. Authentication may be performed between the manageddevices and the workload distributor to verify that the managed devicesare able to receive the workloads and to verify the workloads prior toexecution. The workload distributor may increase or decrease the amountof instrumentation in relation to the workload experienced at any giventime.

A parallel tracer may perform detailed or heavily instrumented analysisof an application in parallel with a performance or lightly instrumentedversion of the application. Both versions of the application may operateon the same input stream, but with the heavily instrumented versionhaving different performance results than the lightly instrumentedversion. The tracing results may be used for various analyses, includingoptimization and debugging.

A tracer may obfuscate trace data such that the trace data may be usedin an unsecure environment even though raw trace data may containprivate, confidential, or other sensitive information. The tracer mayobfuscate using irreversible or lossy hash functions, look up tables, orother mechanisms for certain raw trace data, rendering the obfuscatedtrace data acceptable for transmission, storage, and analysis. In thecase of parameters passed to and from a function, trace data may beobfuscated as a group or as individual parameters. The obfuscated tracedata may be transmitted to a remote server in some scenarios.

This Summary is provided to introduce a selection of concepts in asimplified form that are further described below in the DetailedDescription. This Summary is not intended to identify key features oressential features of the claimed subject matter, nor is it intended tobe used to limit the scope of the claimed subject matter.

BRIEF DESCRIPTION OF THE DRAWINGS

In the drawings,

FIG. 1 is a diagram illustration of an embodiment showing a system fortracing applications that process confidential data.

FIG. 2 is a diagram illustration of an embodiment showing a networkenvironment for analyzing sensitive trace data.

FIG. 3 is a timeline illustration of an embodiment showing interactionsbetween a secure environment and a remote device.

FIG. 4 is a diagram illustration of an embodiment showing a paralleltracing system.

FIG. 5 is a diagram illustration of an embodiment showing a networkenvironment with parallel tracing.

FIG. 6 is a flowchart illustration of an embodiment showing a method forexecuting an application with parallel instrumentation.

FIG. 7 is a flowchart illustration of an embodiment showing a method forcombining results.

FIG. 8 is a diagram illustration of an embodiment showing tracing with aworkload distributor.

FIG. 9 is a diagram illustration of an embodiment showing a networkenvironment with a workload distributor.

FIG. 10 is a flowchart illustration of an embodiment showing a methodfor load balancing with tracing.

FIG. 11 is a diagram illustration of an embodiment showing tracing as aservice.

FIG. 12 is a diagram illustration of an embodiment showing a networkenvironment with remote tracing.

FIG. 13 is a flowchart illustration of an embodiment showing a methodfor configuring an instrumentation system.

FIG. 14 is a flowchart illustration of an embodiment showing a methodfor deploying instrumented system.

DETAILED DESCRIPTION Tracing as a Service

An instrumented execution environment may be deployed as a service.After creating an account, a user may add the instrumented executionenvironment to a workload distributor within the user's own executionenvironment. The workload distributor may receive an incoming workloadstream and direct some or all of the workload to the instrumentedexecution environment.

The instrumented execution environment may contain software, hardware,and other components that may capture various information whileprocessing a workload. The instrumentation may collect various tracedata that may be stored and analyzed. In some cases, the trace data maybe analyzed after collection while in other cases, trace data may beanalyzed on a real time basis.

A user may use an administrative user interface to configure theinstrumented execution environment for use with a distributor. The usermay be able to establish an account, determine a payment mechanism, andselect various features of an instrumented execution environment.

The administrative activities may also include creating variousauthentication keys or other mechanisms that may authenticate theinteracting systems to each other. The authentication system may be usedto verify that the instrumented execution environment has been permittedto receive the output of a distributor, and that the distributor isauthorized to send work items to the instrumented execution environment.

A distributor may be added to a user's execution environment tointroduce a redirection point or decision point in an application. Insome cases, the distributor may be an application that intercepts aninput stream and applies both load balancing and instrumentation logicto identify an execution environment to process a given work item. Insome cases, the distributor may be executable code that may be includedin a library that may be called from within an application.

The instrumentation may be provided as a service to a developer oradministrator of an application. The instrumentation may collect datausing sophisticated tools and analysis that may be complex to install,configure, or operate. A user may pay for such a service using manydifferent payment schemes, such as paying based on part on how muchprocessing, storage, or other resource may be consumed. In some cases,the payment may be a subscription for use over a period of time, such asa fixed fee payment for a month of service. Many other payment schemesmay be deployed.

Tracing with a Workload Distributor

A load balanced or other managed computation environment may distributework items to instrumented and non-instrumented systems. The loadbalancing or distribution may occur with consideration ofinstrumentation objectives for an application. In one example, theinstrumentation may be performed when the load on the systems may allow,but instrumentation may be reduced or eliminated when load factorsincrease.

The workload distributor may have several instrumentation objectivesthat define conditions to collect data as well as the data to becollected. The objectives may include items such as sampling rates,events or conditions that start or stop instrumentation, quantity orquality of data to be collected, as well as the specific parameters ortypes of instrumentation to be applied.

The workload distributor may transmit instrumentation objectives to aworker system, where the objectives may cause the worker system tocollect the described data. In such cases, the distributor may be ableto create customized objectives for instrumenting each work item.

The computation environment may have multiple worker systems thatexecute work items as defined by a distributor. Each worker system mayregister with the distributor, which may include initial contact andregistration as well as establishing an authentication mechanism betweenthe devices. The status of the worker systems may be collectedperiodically and used to determine availability to perform a given workitem.

Parallel Tracing

A heavily instrumented tracer may operate in parallel with a lightlyinstrumented tracer to capture both detailed and performancemeasurements of an application. In many cases, heavy instrumentation mayadversely affect the performance of an application, thereby corruptingany performance metrics that may be collected at the same time. As theinstrumentation becomes more detailed, the performance metrics generallymay become more affected.

The tracing system may operate in parallel to trace in a performanceenvironment that may capture only performance metrics, while anotherdetailed tracer may capture detailed results. In some cases, the sameapplication workload may be analyzed in parallel and the performance anddetailed results may be aggregated together to produce a completerepresentation of the application.

The architecture of a parallel tracing system may be deployed in adistributed computing environment. In such an environment, multipledevices or processors may each perform some of the work of anapplication. A computing cluster may be one example of a distributedcomputing environment where multiple devices each execute a portion ofan input stream.

A single device may be capable of parallel tracing. A multi-processordevice may have some processors that may process an application workloadin a high performance manner while other processors execute theapplication using a detailed tracer.

The concept of parallel tracing may be applied to a single system orsingle processor system. In such a system, the separate tracingoperations may be performed sequentially. For example, a first run of anapplication workload may be performed using a performance levelinstrumentation followed by a second run of the workload using adetailed instrumentation system. In such an embodiment, the input streammay be captured for later execution in a detailed manner.

A distributor may identify units of work from an input stream totransmit to different components. A unit of work may be any computingworkload that may be executed in a relatively independent fashion. Foreach program or application, the units of work may be different.

In some applications, a unit of work may be a function call that mayinclude input parameters for the function. For functional languages,such as Erlang, Haskell, Scala, F#, or for non-functional languages thatare written in a functional manner, portions of an application may beable to be computed independently. In some cases, the units of work mayhave dependencies or other interactions with other units of work.

A unit of work may be an input item or request made to an application.In an example of an application programming interface, a call to theinterface may be considered a unit of work that may be executed by aninstance of the application. Such requests may or may not depend onother requests, but in general many such systems may have requests thatmay operate independently from other requests.

In some cases, a unit of work that may be executed by two differentlyinstrumented systems may return different results. In a simple example,a unit of work may perform a function based on the exact time of day. Insuch an example, a unit of work executed on performance levelinstrumentation would return a different value than the same unit ofwork executed on a highly instrumented system that may be considerablyslower.

When a unit of work executed on two different systems returns differentvalues, an algorithm may be applied to determine a return value. Insystems where latency, response time, or other performance relatedfactors may adversely affect results, results from a performance levelinstrumented system may be used while results collected from highlyinstrumented system may be discarded. In some cases, the results fromthe performance level instrumented system may be discarded in favor ofresults from a highly instrumented system. In still other cases,averages or other summaries may be used to aggregate the applicationresults from two separate runs of a unit of work.

Obfuscating Trace Data

A tracer may obfuscate data collected from an application and transmitobfuscated data to an analysis engine. The analysis engine may performall analyses on the obfuscated data, such that the analysis engine maynot be exposed to any confidential, private, or otherwise sensitive datacontained in the tracer-collected data.

A tracer may collect data during the execution of an application. Theapplication may process data that may be sensitive. When the tracerencounters application data, such data may be obfuscated prior toanalysis. The obfuscated data may then be analyzed to understand,categorize, optimize, or perform other functions relating to theapplication. In some cases, the analysis may generate recommendations orother results that may refer to specific data elements that may beobfuscated. In such cases, a mechanism for determining the underlyingdata values may be provided through a reverse obfuscation process.

The obfuscation process may consist of a hash function, which may belossy or not. In other embodiments, the obfuscation process may be anencryption process that may or may not be cryptographically secure.Still other embodiments may employ a lookup table maintained on a clientdevice that translates a meaningful data value to an arbitrary value foranalysis.

Multiple values may be hashed or otherwise considered as a singleelement in the tracer output. For example, a function may be called withthree arguments. In some embodiments, the three arguments may becombined into a single argument and hashed or otherwise obfuscated intoa single value. In other embodiments, the three arguments may beindividually obfuscated and stored as three separate values.

Throughout this specification and claims, the terms “profiler”,“tracer”, and “instrumentation” are used interchangeably. These termsrefer to any mechanism that may collect data when an application isexecuted. In a classic definition, “instrumentation” may refer to stubs,hooks, or other data collection mechanisms that may be inserted intoexecutable code and thereby change the executable code, whereas“profiler” or “tracer” may classically refer to data collectionmechanisms that may not change the executable code. The use of any ofthese terms and their derivatives may implicate or imply the other. Forexample, data collection using a “tracer” may be performed usingnon-contact data collection in the classic sense of a “tracer” as wellas data collection using the classic definition of “instrumentation”where the executable code may be changed. Similarly, data collectedthrough “instrumentation” may include data collection using non-contactdata collection mechanisms.

Further, data collected through “profiling”, “tracing”, and“instrumentation” may include any type of data that may be collected,including performance related data such as processing times, throughput,performance counters, and the like. The collected data may includefunction names, parameters passed, memory object names and contents,messages passed, message contents, registry settings, register contents,error flags, interrupts, or any other parameter or other collectabledata regarding an application being traced.

Throughout this specification and claims, the term “executionenvironment” may be used to refer to any type of supporting softwareused to execute an application. An example of an execution environmentis an operating system. In some illustrations, an “executionenvironment” may be shown separately from an operating system. This maybe to illustrate a virtual machine, such as a process virtual machine,that provides various support functions for an application. In otherembodiments, a virtual machine may be a system virtual machine that mayinclude its own internal operating system and may simulate an entirecomputer system. Throughout this specification and claims, the term“execution environment” includes operating systems and other systemsthat may or may not have readily identifiable “virtual machines” orother supporting software.

Throughout this specification, like reference numbers signify the sameelements throughout the description of the figures.

When elements are referred to as being “connected” or “coupled,” theelements can be directly connected or coupled together or one or moreintervening elements may also be present. In contrast, when elements arereferred to as being “directly connected” or “directly coupled,” thereare no intervening elements present.

The subject matter may be embodied as devices, systems, methods, and/orcomputer program products. Accordingly, some or all of the subjectmatter may be embodied in hardware and/or in software (includingfirmware, resident software, micro-code, state machines, gate arrays,etc.) Furthermore, the subject matter may take the form of a computerprogram product on a computer-usable or computer-readable storage mediumhaving computer-usable or computer-readable program code embodied in themedium for use by or in connection with an instruction execution system.In the context of this document, a computer-usable or computer-readablemedium may be any medium that can contain, store, communicate,propagate, or transport the program for use by or in connection with theinstruction execution system, apparatus, or device.

The computer-usable or computer-readable medium may be, for example butnot limited to, an electronic, magnetic, optical, electromagnetic,infrared, or semiconductor system, apparatus, device, or propagationmedium. By way of example, and not limitation, computer readable mediamay comprise computer storage media and communication media.

Computer storage media includes volatile and nonvolatile, removable andnon-removable media implemented in any method or technology for storageof information such as computer readable instructions, data structures,program modules or other data. Computer storage media includes, but isnot limited to, RAM, ROM, EEPROM, flash memory or other memorytechnology, CD-ROM, digital versatile disks (DVD) or other opticalstorage, magnetic cassettes, magnetic tape, magnetic disk storage orother magnetic storage devices, or any other medium which can be used tostore the desired information and which can accessed by an instructionexecution system. Note that the computer-usable or computer-readablemedium could be paper or another suitable medium upon which the programis printed, as the program can be electronically captured, via, forinstance, optical scanning of the paper or other medium, then compiled,interpreted, of otherwise processed in a suitable manner, if necessary,and then stored in a computer memory.

When the subject matter is embodied in the general context ofcomputer-executable instructions, the embodiment may comprise programmodules, executed by one or more systems, computers, or other devices.Generally, program modules include routines, programs, objects,components, data structures, etc. that perform particular tasks orimplement particular abstract data types. Typically, the functionalityof the program modules may be combined or distributed as desired invarious embodiments.

FIG. 1 is a diagram of an embodiment 100 showing a tracing system for anapplication that processes sensitive data. Embodiment 100 is asimplified example of a system where tracing may occur within a secureenvironment, then trace data may be analyzed in an unsecure environmentwithout compromising the integrity of the sensitive data.

Embodiment 100 illustrates an example of a tracing system that gathersdata in a secure environment and obfuscates the data prior to sendingthe data to a remote system for analysis. The remote system may be in anunsecured environment, but because the sensitive data are obfuscated,any analysis on those data can be performed without compromising thesecurity of the underlying data.

In an example, a secure environment 102 may have an application 104 thatmay process sensitive data. The sensitive data may be, for example,credit card numbers, social security numbers, employment data,healthcare data, classified military data, financial data, or any othertype of data that may be sensitive from a legal, business, personal, orother perspective.

A tracer 106 may monitor the application 104 to collect performance andoperational data while the application 104 executes. The tracer 106 mayexamine individual functions, threads, processes, messages, dataobjects, and other information and that are part of the application ormay be handled by the application. The tracer 106 may perform low-levelinspection of various program elements, the results of which may be usedto analyze the program execution. Such analysis may be for debugging,auditing, optimization, or other purposes.

In many cases, the tracer 106 may handle or come in contact withinformation that includes sensitive data. In such a circumstance, thedata may be obfuscated prior to leaving the secure environment 102. In asimple example, a function may receive a data object, such as a rawcredit card number. A trace of the function may collect the credit cardnumber as a value passed to the function. In another example, a messagepassed from one thread to another may contain unfiltered financialinformation, a medical record object, or other sensitive information.During normal tracing operations, such sensitive data may be collected,but the sensitive data may be obfuscated before passing the data outsideof the secure environment.

When sensitive data are collected and handled within the secureenvironment 102, the data may be considered safe. In a typical secureenvironment 102, data may be processed in a facility that complies withvarious privacy and security standards and procedures. Such facilitiesmay maintain physical security that limits access to certain personnel,as well as network security that restricts access to the data.

An obfuscator 108 may obfuscate some or all of the trace data to createobfuscated trace data 110. The obfuscator 108 may use various hashfunctions, encryption algorithms, substitution schemes, or othertechniques to make protect the sensitive data. In some cases, theobfuscator 108 may create a lookup database 112 that may contain the rawand obfuscated values for the traced data.

The obfuscated trace data 110 may be transmitted outside the secureenvironment 102. The obfuscated trace data 114 may be located on aremote device or other system that may have an analysis engine 116 thatmay perform analytics, optimizations, or other analyses on theobfuscated trace data 114. The results of the analysis engine 116 mayreference individual data items or may contain references to dataelements that remain obfuscated.

The results 118 may be passed back into the secure environment 102 andacted upon by a results processor 120. The results processor 120 maydetermine the raw data values from the obfuscated data values. In somecases, such an operation may involve looking up the raw data value fromthe lookup database 112.

In one use scenario, a tracer 106 may analyze an application 104 thatmay handle bank account information, for example. The tracer 106 mayidentify a function to monitor, where the function receives a bankaccount number and returns a balance. In this example, the bank accountnumber and the balance may be treated as private information.

The tracer 106 may detect that the function has been called and maycapture the data sent to the function and the data returned by thefunction. In this case, the bank account information has beentransferred to the function and the balance returned. The function maybe called many times, and the tracer 106 may capture each time thefunction is called. After monitoring the application 104 for a period oftime, the trace data may contain bank account information and balanceinformation.

Before transmitting the trace data outside of the secure environment102, an obfuscator 108 may obfuscate the trace data to create obfuscatedtrace data 110. Once obfuscated, the data may be analyzed by a remotesystem to determine performance metrics or debugging information for theapplication 104.

The analysis may handle each data object using the obfuscated value. Inan example, a debugging analysis may determine that a specific inputvalue to the function causes an unexpected behavior to the function.Because the analysis is performed on the obfuscated data, the analysisresults may be transmitted back to the secure environment 102 where theoriginal value for the trace data may be determined and action taken onthe results.

In such a scenario, the sensitive data may be kept within the secureenvironment 102, yet the analysis may be performed in an environmentthat does not share the same level of security. For example, a traceanalyzer or program optimizer may analyze applications that may besecret, secure, private, or otherwise sensitive, yet the results may betransmitted and analyzed in a relatively open environment. For example,the obfuscated trace data 110 may be transmitted in clear text withminimum or no encryption and stored in a facility that may not meet thehigh security standards of the application 104.

The analysis engine 116 may be an automated, semi-automated, or manualanalysis of the obfuscated trace data 114. The results 118 may containdirect references to the obfuscated trace data 114, such as identifyingthe data values that caused an error condition, for example. However,because the analyses may be performed only on obfuscated trace data 114,the analysis engine 116 may not be exposed to the underlying raw data.

In some cases, the remote system may collect data from multiple users,each of which may produce obfuscated trace data. The data from each usermay be combined into a single database containing trace data from manysources. In such cases, the remote system may store only obfuscated dataand sensitive data may be kept within the secure environment 102.

The obfuscator 108 may create obfuscated trace data 110 using severaldifferent mechanisms. In some cases, the obfuscation mechanisms may ormay not be lossy.

An example of a non-lossy system may be an encryption system that mayuse a key to encrypt the data. In such a system, the obfuscator 108 mayencrypt the data items using the key and the analysis engine 116 mayprocess the encrypted data objects. Once the results 118 are returned tothe secure environment 102, the results processor 120 may decrypt theresults 118 using the key. Such a system may not use a lookup database112 to re-create the raw values from the obfuscated values.

Another example of a non-lossy system may be the use of a non-reversiblesecure hash, such as MD5, SHA, or other hash functions. Such functionsmay have none or very few collisions, but may be extremely difficult toextract the original value from the obfuscated value. In such systems, alookup database 112 may be used to store the hashed and raw values, sothat results 118 may be converted back to raw, un-hashed values.

An example of a lossy system may apply a lossy hash function, such as achecksum or other lossy compression technique to the raw data. Examplesof such systems may be hash functions that have many collisions. Such asystem may create obfuscated data elements that may not be reversed intoa single value with a degree of certainty.

An example of another system, a lookup database 112 may be used toassign a random or sequential value to a raw value. For example, arecord for each new raw value may be assigned an incrementing index andthe index may serve as the obfuscated value. Because the lookup database112 may contain sensitive data, the lookup database 112 may be storedand protected within the secure environment 102.

In some embodiments, different types of obfuscation may be applied todifferent trace data. For example, highly sensitive data elements may beobfuscated with encryption while less sensitive data elements may beobfuscated with a simpler hash function. Such an embodiment may applymore computationally expensive obfuscation to more sensitive data andless computationally expensive obfuscation to less sensitive data.

Some trace data may be stored in cleartext or may not be obfuscated. Forexample, some embodiments may store function names in cleartext yet mayobfuscate data passed to and from a function. In general, a functionname, parameter name, variable name, or other hard coded descriptorswithin an application may describe operations of an application but notthe underlying data that may be processed.

Cleartext descriptors of application elements may be extracted from asource code description of the application. Some embodiments may includea source code analyzer that extracts the descriptors of variousapplication elements. In some embodiments, such analyzers may be builtinto a compiler, the output of which may include debugging or tagginginformation.

Cleartext descriptors of application elements, such as functions,variables, data objects, methods, or other elements may give a developerand administrator meaningful feedback regarding the performance of theirapplication, even when the underlying data may be obfuscated. Forexample, an analysis engine 116 may identify function FOO has behavingin a certain manner and provide feedback that names function FOO. Anapplication developer may recognize function FOO and be able to takeaction. Such an analysis may be performed in an unsecure manner usingobfuscated data elements but with cleartext representations of programelements.

Cleartext descriptors of application elements may include functionnames, variable names, data object names, record descriptors, columndescriptors, annotations, method names, class names, library names, filenames, parameter names, tags, control flow diagrams, and otherdescriptors. Typically, such descriptors may be created by a programmeror developer and may reflect the programmer's intent or logic.

In certain circumstances, such descriptors may reflect confidentialinformation. The confidential information may be the underlying logic orprogram flow, which may be separate from the confidential nature of thedata handled by the application. For example, an application thatprocesses healthcare records may have a proprietary or trade secretmethod for analyzing a healthcare record. While the healthcare recorditself may be confidential under HIPPA or other statutory or regulatoryprovisions, the methodology of the application may be a separate classof confidential information.

In cases where such descriptors reflect application logic, third partyanalysis may be performed under a nondisclosure agreement, privacyarrangement, or other confidentiality provision as the third party maybe exposed to the underlying methodology in an application but not beexposed to the data handled by the application.

FIG. 2 is a diagram of an embodiment 200 showing a computer system thattransmits obfuscated trace data to a remote device for analysis.Embodiment 200 illustrates hardware components that may deliver theoperations described in embodiment 100, as well as other embodiments.

The diagram of FIG. 2 illustrates functional components of a system. Insome cases, the component may be a hardware component, a softwarecomponent, or a combination of hardware and software. Some of thecomponents may be application level software, while other components maybe execution environment level components. In some cases, the connectionof one component to another may be a close connection where two or morecomponents are operating on a single hardware platform. In other cases,the connections may be made over network connections spanning longdistances. Each embodiment may use different hardware, software, andinterconnection architectures to achieve the functions described.

Embodiment 200 illustrates a device 202 that may have a hardwareplatform 204 and various software components 206. The device 202 asillustrated represents a conventional computing device, although otherembodiments may have different configurations, architectures, orcomponents.

In many embodiments, the device 202 may be a server computer. In someembodiments, the device 202 may still also be a desktop computer, laptopcomputer, netbook computer, tablet or slate computer, wireless handset,cellular telephone, game console or any other type of computing device.

The hardware platform 204 may include a processor 208, random accessmemory 210, and nonvolatile storage 212. The hardware platform 204 mayalso include a user interface 214 and network interface 216.

The random access memory 210 may be storage that contains data objectsand executable code that can be quickly accessed by the processors 208.In many embodiments, the random access memory 210 may have a high-speedbus connecting the memory 210 to the processors 208.

The nonvolatile storage 212 may be storage that persists after thedevice 202 is shut down. The nonvolatile storage 212 may be any type ofstorage device, including hard disk, solid state memory devices,magnetic tape, optical storage, or other type of storage. Thenonvolatile storage 212 may be read only or read/write capable. In someembodiments, the nonvolatile storage 212 may be cloud based, networkstorage, or other storage that may be accessed over a networkconnection.

The user interface 214 may be any type of hardware capable of displayingoutput and receiving input from a user. In many cases, the outputdisplay may be a graphical display monitor, although output devices mayinclude lights and other visual output, audio output, kinetic actuatoroutput, as well as other output devices. Conventional input devices mayinclude keyboards and pointing devices such as a mouse, stylus,trackball, or other pointing device. Other input devices may includevarious sensors, including biometric input devices, audio and videoinput devices, and other sensors.

The network interface 216 may be any type of connection to anothercomputer. In many embodiments, the network interface 216 may be a wiredEthernet connection. Other embodiments may include wired or wirelessconnections over various communication protocols.

The client 202 may have an operating system 218 that may execute variousapplications 254. In some embodiments, an execution environment 220 mayexecute the applications 254. In either case, the operating system 218or execution environment 220 may manage execution of the applications254 by managing resources consumed by the applications 254 as well ascontrolling the execution.

The resources managed by the operating system 218 or executionenvironment 220 may be memory resources, network resources, input/outputresources, processor resources, and other resources. The operatingsystem 218 or execution environment 220 may allocate memory, performgarbage collection, schedule processor availability, prioritize andallocate storage resources, and other functions. In some embodiments,the execution environment 220 may be referred to as a virtual machine.

Tracers 222 and 224 may operate within the operating system 218 orexecution environment 220. The tracers 222 and 224 may monitor theexecution of an application 254 and collect various information,including performance data, operational data, debugging data, and othertypes of information. In many cases, the tracers 222 and 224 may beexposed to sensitive data that may be processed by an application 254.

Raw trace data 226 may be the data as-collected by the tracers 222 or224. The raw trace data 226 may include data elements processed by theapplications 254, as well as references to application elements such asfunction names and other descriptors.

An obfuscator 228 may process the raw trace data 226 to createobfuscated trace data 230. The obfuscator 228 may obfuscate some or allof the raw trace data 226 using various mechanisms. In some cases, onlycertain elements may be obfuscated while other elements in the raw tracedata 226 may remain in a cleartext format.

In some embodiments, a source code analyzer 252 may create a set ofsource code annotations 254. The source code annotations 254 may be usedto decorate the raw trace data 226 with meaningful function names andother information.

The source code annotations 254 may be annotations, tags, labels, orother information that may be derived from source code. Such informationmay be created by a compiler, debugging tool, or other source. In somecases, source code annotations 254 may be created by a dedicated sourcecode analyzer 252.

A communications agent 232 may transmit the obfuscated trace data 230 toa remote device 240 for processing. The remote device 240 may be locatedoutside of a secure environment which may be protected by a firewall 236as well as other security measures. The communications agent 232 maypass the obfuscated trace data 230 through a firewall 236 and network238 to the remote device 240.

The remote device 240 may operate on a hardware platform 242. Thehardware platform 242 may be similar to the hardware platform 204. Insome instances, the hardware platform 242 may be a virtual machine,cloud computing system, computing cluster, or some other executionenvironment.

A communications agent 246 may receive obfuscated trace data 230 fromthe device 202 and store the obfuscated trace data 244. An analyzer 248may perform analyses against the obfuscated trace data 244 to generatevarious analysis results, which may be debugging and performanceinformation, optimization information, or any other type of analysisresults.

The obfuscated trace data 244 may contain trace data from multipledevices 202. In such embodiments, the trace data from two or moredevices may be combined to create a more comprehensive trace data setthan what may be created from merely one device.

In some embodiments, results from the remote device 240 may betransmitted to the device 202 for further inspection and use. In suchembodiments, a lookup database 234 may be populated with obfuscated andraw data elements. The lookup database 234 may be used to translate fromobfuscated results to more meaningful results when results are receivedfrom a remote device 240.

FIG. 3 is a flowchart illustration of an embodiment 300 showing a methodfor installing and monitoring executable code. Embodiment 300illustrates the operations of a client device 302 in the left handcolumn and a remote device 304 in the right hand column.

Other embodiments may use different sequencing, additional or fewersteps, and different nomenclature or terminology to accomplish similarfunctions. In some embodiments, various operations or set of operationsmay be performed in parallel with other operations, either in asynchronous or asynchronous manner. The steps selected here were chosento illustrate some principles of operations in a simplified form.

Embodiment 300 illustrates an interaction between a device 302 in asecure location with a remote device 304 which may be outside the securelocation. Trace data are gathered on the device 302, obfuscated, andtransmitted to the remote device 304. The remote device 304 may processonly the obfuscated data to create certain results, which are returnedto the device 302 and de-obfuscated.

On the device 302, an application may be executed in block 306. Whilethe application executes, trace data may be gathered in block 308. Someor all of the parameters may be obfuscated using hashing, encryption,lookup tables, randomization, or other obfuscation techniques.

The obfuscated data may be transmitted in block 312 to the remote device304, which may receive the obfuscated data in block 314.

The remote device 304 may perform analysis on the obfuscated trace datain block 316 to generate analysis results in block 318. The analysisresults may be transmitted in block 320 to the device 302, which mayreceive the analysis results in block 322.

The device 302 may de-obfuscate the data in block 324 and act on theanalysis results in block 326. The de-obfuscating in block 324 mayemploy a mechanism that determines a raw, original value from resultscomputed from obfuscated data.

FIG. 4 is a diagram illustration of an embodiment 400 showing a paralleltracing system. Embodiment 400 illustrates a high level view of a systemthat has a distributor that may send units of work to different systems,which may include systems for performance measurements as well asdetailed instrumentation or profiling.

Embodiment 400 may be an example of a system where units of work may beexecuted in different environments, which may include execution under noinstrumentation, performance level instrumentation, and detailedinstrumentation. In many cases, an increasing level of instrumentationmay cause performance to degrade. However, a more complete understandingabout an application may combine both performance and detailedinstrumentation results. By collecting trace data from two differentenvironments, the performance related data may be unaffected by thedetailed tracing.

A single unit of work may be analyzed by two different systems. In suchsystems, the performance results and detailed tracing results may becombined for those units of work. Such systems may tag the tracingresults with an identifier that may allow an aggregator to match theresults to the same unit of work.

In other embodiments, a single unit of work may be analyzed only onetime. In such systems, results from performance and detailed analysesmay be combined to give an overall picture without being able todirectly compare individual units of work. Such a picture may bestatistically significant when the distribution of workloads to eachtype of analysis may have a statistically normal distribution, forexample.

A requestor 402 may send a request 404 to a distributor 406. The request404 may be a workload to be processed by a cluster of executionenvironments. In one example, the request 404 may be a call to anapplication programming interface, where the application programminginterface may be executed by a computing cluster. In another example, arequest 404 may be a workload within a high performance computingsystem. In still another example, the request 404 may be a function ormethod call within a computer application.

The distributor 406 may analyze the request 404 to determine how toroute the request 404. In the example of embodiment 400, the request 404may be routed to an non-instrumented system 410, a performanceinstrumented system 412, or a detailed instrumented system 414. Otherembodiments may have more or fewer systems that may be able to performthe request 404.

The distributor 406 may have a configuration 408 that may define how thedistributor 406 may perform its distribution functions. Theconfiguration 408 may have conditions under which detailed orperformance tracing may be performed, as well as conditions definingwhen no tracing may be performed.

The conditions 408 may contain filters that limit instrumentation toonly a subset of available requests. The filters or objectives maydefine parameters relating to the input stream, a sampling frequency, orother parameters that may define how and when instrumentation may occur.The objectives may define instrumentation granularity, such a functionalcomponent, function, process, memory object, or other level of detail ofthe data collection. As an example of parameters relating to the inputstream, the conditions 408 may indicate that instrumentation may beperformed on requests that contain a specific variable with a specificvalue or range of values. An example of other types of configurationdefinitions may define a sample frequency for requests that may beinstrumented.

An non-instrumented system 410 may process the requests 404 with littleor no tracing or instrumentation. In many cases, an non-instrumentedsystem 410 may contain minimal instrumentation that may monitor thestatus of the system or other actions. The non-instrumented system 410may not generate instrumentation results that may be analyzed with datagathered from other instrumented systems.

A performance instrumented system 412 may process a request 404 whilegathering performance related metrics. The instrumentation may bedesigned to have minimal impact on the performance of system so that theperformance metrics may be considered accurate.

A detailed instrumentation system 414 may process a request 404 whilegathering detailed operational information. In many cases, such systemsmay trace function calls, gather data objects passed between processesand functions, gather object values as certain points during execution,and other data. In many cases, the detailed instrumented system 414 maybe significantly slower than the performance system 412.

In the example of embodiment 400, three systems are illustrated asprocessing the requests 404. In some embodiments, such devices may beidentical hardware devices with the same or different softwarecomponents, while in other embodiments, different devices with differenthardware or software components may be used. Such systems that are notsimilar may have specialized hardware or software components designedfor high performance, detailed instrumentation, or other function.

The application output 416 may be received from the various systems thatexecute the request 404. The application output 416 may be returned tothe requestor 402.

In cases where two systems execute the same request, the applicationoutput 416 may be compared to determine whether both systems generatedthe same output. In some embodiments, the output may be consideredreliable or substantiated when two parallel devices generate the sameoutput. When the output from two systems is not the same, one of theoutput values may be selected, the values averaged, or some other actiontaken.

A results combiner 418 may collect trace data from both the performanceinstrumented system 412 and the detailed instrumented system 414 andstore the results in a set of instrumentation results 420. In somecases, the results combiner 418 may match specific execution runs orcharacteristics between two or more different trace data. Examples ofsuch matching may be found later in this specification.

FIG. 5 is a diagram of an embodiment 500 showing a network environmentin which different execution systems may generate different levels oftrace data. Embodiment 500 illustrates hardware components that mayimplement some of the operations described in embodiment 400, as well asother embodiments.

The diagram of FIG. 5 illustrates functional components of a system. Insome cases, the component may be a hardware component, a softwarecomponent, or a combination of hardware and software. Some of thecomponents may be application level software, while other components maybe execution environment level components. In some cases, the connectionof one component to another may be a close connection where two or morecomponents are operating on a single hardware platform. In other cases,the connections may be made over network connections spanning longdistances. Each embodiment may use different hardware, software, andinterconnection architectures to achieve the functions described.

Embodiment 500 illustrates an example of a system that processesrequests received over an external network 504 from a requestor 502. Adistributor system 506 may parse the incoming request stream and causethe various execution systems 520 to execute the requests. Theapplication output or response to the request may be passed back to therequestor 502, while any trace data gathered from the execution systems520 may be stored and used by an analysis system 552.

Each of the various devices illustrated in embodiment 500 may have ahardware platform. The respective hardware platforms may be similar tothe hardware platform 104 in embodiment 100. The devices may be any typeof hardware platform, such as a personal computer, server computer, gameconsole, tablet computer, mobile telephone, or any other device with aprogrammable processor.

The distributor system 506 may receive and parse an input stream, thendirect units of work to various execution systems 520. The distributorsystem 506 may operate on a hardware platform 508 and contain adistributor 510 that receives work requests via an external interface512. The distributor 510 may have a tracing configuration 514 anddistribution configuration 516 that define how the units of work may bedistributed.

The tracing configuration 514 may define an algorithm, conditions, orother conditions that may define how and when to collect instrumentationdata. The tracing configuration 514 may include granularity, samplingrates, sample sizes, data to be collected, and other information. Thetracing configuration 514 may also include specific conditions when totrace or not to trace.

Such conditions may evaluate data elements in a request, as well as dataelements from external sources. For example, a condition may causedetailed tracing to happen during evening hours when an input parameteris ‘blue’.

The distribution configuration 516 may define conditions for allocatingother units of work. The distribution configuration 516 may define aload balancing algorithm, for example, that allocates work to devicesthat are lightly loaded while avoiding sending work to devices that areheavily loaded.

A local network 518 may connect the distributor system 506 with variousexecution systems 520. The execution systems 520 may have a hardwareplatform 522 on which an operating system 524 or execution environment530 may run. An application 534 may be executed on the execution systems520 to respond to a unit of work, and various tracers may collect datawhile the application 534 processes the unit of work.

In some embodiments, the application 534 may execute directly on theoperating system 524. In such embodiments, an operating system 524 mayhave a lightweight tracer 526 for collecting performance relatedmeasurements, as well as a detailed tracer 528 that may collect detailedinformation during application execution.

In other embodiments, the application 534 may execute in an executionenvironment 530. The execution environment 530 may be a virtual machine,such as a process virtual machine, that may manage execution and providevarious support functions such as memory allocation, garbage collection,process management, message passing, or other functions. Such executionenvironments may have a tracer 532.

The various tracers may be configured using a tracer configuration 536that may define what information to collect and under what circumstancesthe information may be collected. In some embodiments, the tracerconfiguration 536 may be sufficient information to cause a single tracerto behave as a performance level tracer or as a detailed tracer.

The trace data 538 may be locally collected tracer output, which may bepassed to the analysis system 552.

In some embodiments, the distributor 540 may be located within anexecution system 520. In one such embodiment, the system 520 may executean application 534, which may be executed in part by distributingworkload items to multiple processing instances. One of the processinginstances may be a detailed instrumented instance, while anotherprocessing instance may be a performance tracing instance. In such acase, the operation of embodiment 400 may be performed on a singledevice.

An analysis system 552 may collect the trace data 538 from variousexecution systems 520 to gather the results in a centralized trace data544. The analysis system 552 may operate on a hardware platform 542which may have a data store for the trace data 544, as well as acombiner 546, an analyzer 548, and an optimizer 550.

The analysis system 552 may gather and aggregate trace data from bothperformance and detailed tracers. The combiner 546 may create a joinedset of results. The analyzer 548 may perform various analyses of theresults, such as reports, alerts, or other output. The optimizer 550 maygenerate optimized settings for the application 534 or otheroptimizations.

FIG. 6 is a flowchart illustration of an embodiment 600 showing a methodfor application execution and parallel instrumentation. Embodiment 600illustrates the operations of a distributor and combiner 602 in the lefthand column, a performance environment 604 in the center column, and adetailed instrumented environment 606 in the right hand column. Thedistributor and combiner 602 may represent the operations of adistributor 406 and combiner 418, while the performance environment 604and detailed execution environment 606 may represent the operations of aperformance instrumented system 412 and detailed instrumented system 414of embodiment 400, respectively.

Other embodiments may use different sequencing, additional or fewersteps, and different nomenclature or terminology to accomplish similarfunctions. In some embodiments, various operations or set of operationsmay be performed in parallel with other operations, either in asynchronous or asynchronous manner. The steps selected here were chosento illustrate some principles of operations in a simplified form.

In block 608, an application may be initiated by the distributor andcombiner 602, which may cause the application to begin execution in theperformance environment 604 in block 610 and in the detailed executionenvironment 606 in block 612.

The operations of blocks 608 through 612 illustrate an embodiment wherean application may be configured to execute, then workload items may betransmitted to the application for processing. In such embodiments, theworkload items may be data items consumed by the applications. In otherembodiments, a workload item may be executable commands that may bepassed to the various environments. In such embodiments, the operationsof blocks 608 through 612 may not be performed.

An input stream may be received in block 614. The input stream may beparsed to identify a work unit in block 616. The work unit may be ablock of data, executable code, or other workload that may be processedby an execution environment.

A distributor may analyze the work unit in block 618 to determinewhether the work unit may be processed using detailed instrumentation ornot. If the distributor selects detailed instrumentation in block 618,the workload may be transferred to the detailed instrumentationenvironment 606 to be executed in block 620. If the distributor does notselect detailed instrumentation in block 618, the workload may betransferred to the performance environment 604 to be executed in block622.

In some cases, the distributor and combiner 602 may send the sameworkload item to both the performance environment 604 and detailedexecution environment 606.

The distributor may create an identifier for the work unit. In somecases, a work unit may include an identifier within the request, such asa sequence number or other identifier that may be used by a requestor tomatch application results with the request. In some cases, a timestamp,identification code, or other identifier may be created by thedistributor and used to correlate results data from two or more tracedata gather from different execution environments.

During execution in the performance environment 604, some tracingresults may be collected, which may be transmitted in block 624 to thedistributor and combiner 602 and received in block 626. Similarly, thedetailed instrumented environment 606 may generate tracing results thatmay be transmitted in block 628 and received by the distributor andcombiner 602 in block 630.

The results may be combined in block 632 and stored in block 634. Theprocess may return to block 614 to handle another unit of work.

An example of a method to combine trace data from a performanceenvironment 604 and detailed instrumented environment 606 may beillustrated in embodiment 700.

FIG. 7 is a flowchart illustration of an embodiment 700 showing a methodfor combining results from trace runs with different levels ofgranularity. Embodiment 700 illustrates one example of the combiningoperations of block 632 of embodiment 600 or the results combiner 418 ofembodiment 400.

Other embodiments may use different sequencing, additional or fewersteps, and different nomenclature or terminology to accomplish similarfunctions. In some embodiments, various operations or set of operationsmay be performed in parallel with other operations, either in asynchronous or asynchronous manner. The steps selected here were chosento illustrate some principles of operations in a simplified form.

Performance trace data may be received in block 702 and detailed tracedata may be received in block 704. Within each set of results, one ormore identifiers may be present. Such identifiers may be identified inblock 706.

The identifiers may be any item that may be used to correlate the databetween two different tracing operations of an application or work unit.In some cases, each unit of work may have an identifier, which may beused to match detailed and performance trace data when the unit of workhas been executed by both types of tracers in separate runs.

In other case, a time stamp, input data value, or other information maybe used as an identifier.

For each identifier in block 708, the performance results may begathered in block 710 and the detailed results may be gathered in block712. The two sets of results may be combined in block 714 and stored inblock 716.

After combining both sets of results, analyses may be performed on thelarger set of data in block 718.

FIG. 8 is a diagram illustration of an embodiment 800 showing a systemthat performs tracing with a workload distributor. Embodiment 800illustrates a general process whereby a distributor may provide workloaddistribution, and may also determine how and when tracing may occurduring execution.

Embodiment 800 may represent a managed computing environment, such as acluster computing system or other system where multiple devices may beused to deliver an application. While a conventional cluster or loadbalanced environment may be used as the example in embodiment 800, thesame principles may be applied to any computational system whereworkload may be partitioned and distributed to multiple instances,threads, processors, devices, or other compute elements.

An application input stream 802 may be sent to a distributor 804, whichmay partition out work items to various non-instrumented systems 808 andinstrumented systems 812. The application output 816 may be produced byeither type of systems, but the instrumented systems 812 may producetrace data that may be stored in a results database 818.

The worker systems include the non-instrumented systems 808 andinstrumented systems 812. The worker systems may be capable ofprocessing work units, which may be any element of an application. Insome embodiments, the application may receive requests items on anapplication programming interface, then process each request as anindividual work item. In such embodiments, incoming requests may be dataitems that are processed individually and independently.

In some embodiments, the application may be capable of parallelexecution, with each work item being an independent computationalelement that may or may not interact with other work items. In suchembodiments, incoming requests may be executable code or a combinationof executable code and data objects to be processed by the executablecode.

The distributor 804 may use a configuration 806 to define how toallocate the work items across the worker systems. The configuration 806may define load balancing algorithms and parameters, as well as the datacollection configuration.

The data collection configuration may define how and when data items maybe collected by any instrumentation on a worker system. In many cases,the data collection configuration may define specific objectives, suchas data items to collect and conditions for collecting the data items.

The distributor 804 may create a tracer configuration 820 that mayconfigure the instrumentation on an instrumented system 812 to collectspecific data. Some embodiments may create specific or customized tracerconfigurations 820 for each work element. Such embodiments may allow thesystem to change the instrumentation with a tracer configuration 820from run to run, allowing fine-tuned control over the data collection.

Because both the instrumentation and load balancing may be incorporatedinto the distributor 804, the instrumentation may become a factor inoverall load balancing. For example, when the load on the system isheavy and there may be few resources available, the distributor 804 maybe able to reduce the instrumentation so that the overall systemperformance may not suffer. Similarly, the distributor 804 may increaseinstrumentation during slack periods and there may be an excess ofresources.

In systems that may implement a tracer configuration 820, each workersystem may be configured as an instrumented or non-instrumented systemmerely by updating the tracer configuration 820 for a particular workitem. In some such systems, all of the worker systems may be identicallyconfigured.

Some worker systems may have additional instrumentation capabilitiesthat other, non-instrumented systems may not have. For example, aninstrumented system 812 may have different or additional processors,memory, storage, network connectivity and even additional softwareresources that may support instrumentation. In such systems, the variousworker systems may not be identical.

A worker manager 822 may manage the various worker systems byregistering the worker systems, determining the availability of theworker systems, and other functions. In many embodiments, the workermanager 822 may deploy a two way authentication mechanism that may allowthe distributor 804 to authenticate to the worker systems and viceversa.

The worker manager 822 may collect status information by periodicallyquerying the worker systems or have other regular. The statusinformation may include the capabilities of the worker system, which mayinclude the hardware and software capabilities and configuration, aswell as the current load or capacities of the worker system. Someelements may change in real time, such as the availability of the systemto process a new request, while other elements may be more static, suchas the hardware configuration.

The authentication mechanisms may help ensure that the various devicesare supposed to be communicating with each other. When a worker deviceauthenticates itself to a distributor, the distributor may rely on theauthentication to assure that the worker is not a malicious device. Whenthe distributor authenticates itself to the worker device, the workerdevice may rely on the authentication to assure that the distributor hasthe permission or authority to send work to the worker device. Theauthentication mechanisms may also be deployed for other scenarios,including instrumentation-as-a-service scenarios.

FIG. 9 is a diagram of an embodiment 900 showing a network environmentin which a workload distributor may send work units to various workerdevices. Embodiment 900 illustrates hardware and software componentsthat may implement some of the operations described in embodiment 800,as well as other embodiments.

The diagram of FIG. 9 illustrates functional components of a system. Insome cases, the component may be a hardware component, a softwarecomponent, or a combination of hardware and software. Some of thecomponents may be application level software, while other components maybe execution environment level components. In some cases, the connectionof one component to another may be a close connection where two or morecomponents are operating on a single hardware platform. In other cases,the connections may be made over network connections spanning longdistances. Each embodiment may use different hardware, software, andinterconnection architectures to achieve the functions described.

Embodiment 900 illustrates an environment in which multiple workersystems may perform portions of an application as determined by adistributor device. The distributor 902 may receive a stream of workloaditems, divide the incoming stream into units of work, determine whichworker device may process each unit of work, and cause those units ofwork to be performed.

The distributor 902 may also determine what type of instrumentation maybe performed on a given unit of work. The instrumentation may includevarious types of tracing, data collection, performance monitoring, orother data that may be used for diagnosis, debugging, administrativemonitoring, optimization, or other uses.

The instrumentation may be configurable by the distributor 902. In somecases, the distributor 902 may be capable of routing work units toworker devices that may be preconfigured to perform specific types oftracing or instrumentation. For example, one of the instrumented systems932 may be preconfigured to perform a specific set of data collection inaddition to executing a work unit. In such an example, the distributor902 may determine when to send a work unit to the instrumented system932 and when to send another work unit to a worker 924 which may nothave instrumentation configured.

In another example, the distributor 902 may transmit a configurationfile or other descriptor to an instrumented system 932, where theconfiguration file may contain specific data items to collect, tests toperform, or other data collection activities. In such an embodiment, theinstrumentation or tracers on the instrumented systems 932 may beconfigurable. In some cases, such a system may be able to execute a workunit with little or no instrumentation, then switch to a high level ofinstrumentation for the next work unit, as defined in a configurationfile.

Each of the various devices illustrated in embodiment 900 may have ahardware platform. The respective hardware platforms may be similar tothe hardware platform 104 in embodiment 100. The devices may be any typeof hardware platform, such as a personal computer, server computer, gameconsole, tablet computer, mobile telephone, or any other device with aprogrammable processor.

The distributor 902 may have a hardware platform 904 on which varioussoftware components may operate. A distributor 906 may receive anincoming workload stream from a load receiver 908 and determine whichworker device will execute the work unit. The distributor 906 may use aload balancing configuration 910 that may define load balancingobjectives, algorithms, or other definition for managing a quality ofservice or other factor. The distributor 906 may refer to a workerdatabase 912 that may include the availability and status of the variousworker devices.

The distributor 906 may balance the workload over multiple devices,including instrumented systems 932 and general workers 924. The workloadbalancing may use multiple devices in parallel to process a workloadthat may be larger than the capacity of a single device. For example, alarge web-scale application may be processed by many devices, which mayscale into several hundred server computers in some cases. The loadbalancing aspect of the distributor 906 may attempt to divide theworkload and distribute the workload to available devices.

A tracer configuration 914 may define a set of instrumentationobjectives, which may include data to be collected, sample rates, andmany other factors.

In many cases, the instrumentation objectives may be in tension with theload balancing objectives. In general, instrumentation and datacollection may come at some computational cost, meaning that as theinstrumentation is increased, the performance of a system may decrease.In a high speed, high throughput environment, the distributor 906 maybalance the instrumentation objectives against the processing capacityto handle the incoming workload. In some instances, the distributor 906may scale back the instrumentation objectives during high loads so thata quality of service metric for the overall system may be met. In otherinstances, the distributor 906 may allow the quality of service metricto be missed so that instrumentation objectives may be met. Thedecisions made by the distributor 906 may be defined in the variousconfiguration files.

A tracer manager 918 may manage the instrumentation to generate theoverall objectives for data collection. The tracer manager 918 may causedifferent data elements to be collected from various work units orinstrumented systems 932, then collect the data. In some cases, thetracer manager 918 may perform first level aggregation, summaries, orother initial processing.

The tracer manager 918 may use an artificial load generator 916 tocreate or modify work units for testing and data collection. Forexample, the artificial load generator 916 may create a work unit thatstresses a specific portion of an application. When such a work unit isperformed, the instrumentation may collect data for the work unit. Sucha work unit may produce application results that may be discarded by theinstrumented system 932.

The distributor 902 may include a worker status collector 920 that maycommunicate with each worker device to determine a current status. Thestatus may indicate whether the device may be available to accept workunits. In some cases, the status may include statistics, such as excesscapacity, current workload, or other performance metrics.

A worker manager 956 may manage available worker devices by adding andremoving devices into a pool of managed devices. The worker manager 956may allow new devices to connect, authenticate, and be added to the poolof managed devices. An administrator may use the worker manager 956 tomonitor individual devices, configure devices, and add and removedevices to the pool.

In many embodiments, a worker manger 956 may issue authentication keysto worker devices. The authentication keys may be part of apublic/private encryption key system, where the private key may bestored on a device and used to secure a communication, and a public keytransmitted to a receiving device to decrypt the communication. Suchsystems may be one example of a system for authenticating betweendevices, and other embodiments may use other systems.

The workers 924 may operate on a hardware platform 926 to execute anapplication 930 within an execution environment 928. The application 930may be a preinstalled set of executable code that processes work itemsfrom the distributor 906. In some cases, the application 930 may executewithin an execution environment 928, which may be an operating system,virtual machine, framework, or other supporting software component.

The workers 924 may have an authentication key 954 which may be used toauthenticate communication with the distributor 902. The key 954 may beany type of authentication component, such as a public/privateencryption key set or other component.

The instrumented system 932 may be similarly configured as the workers924. A hardware platform 934 may support an execution environment 936that executes the application 938. The instrumented system 932 mayinclude a tracer 940, which may or may not be configurable by thedistributor 902 during execution. The instrumented system 932 may alsoinclude a key 952 for authentication with the distributor 902.

In some embodiments, the instrumented system 932 may be identicalhardware and software configuration as the workers 924. Otherembodiments may have different hardware or software configurationsbetween the instrumented system 932 and workers 924.

The tracer 940 may collect instrumentation or trace data and transmitthose data to an analysis system 942.

The analysis system 942 may have a hardware platform 944 where a datacollector 946 may collect trace data 948 from various tracers. Ananalyzer 950 may process the tracer for analysis, optimization,summarization, or other functions.

The example of the distributor 902 and other components illustratedevices that may have multiple functions. In different embodiments, eachof the various illustrated components may be deployed on a separatedevice or group of devices. For example, the worker manager 956, workerstatus collection 920, tracer manager 918, and other functions may bedeployed on individual devices or groups of devices.

FIG. 10 is a flowchart illustration of an embodiment 1000 showing amethod for configuring a pool of worker devices, then operating theworker devices in a load balanced and instrumentation balanced manner.Embodiment 1000 may illustrate one example of a process that may beimplemented in the systems illustrated in embodiments 800 and 900, amongothers.

Other embodiments may use different sequencing, additional or fewersteps, and different nomenclature or terminology to accomplish similarfunctions. In some embodiments, various operations or set of operationsmay be performed in parallel with other operations, either in asynchronous or asynchronous manner. The steps selected here were chosento illustrate some principles of operations in a simplified form.

Embodiment 1000 illustrates an operating sequence for establishing andadministering a pool of worker resources in block 1002, then anoperational mode in block 1004 for parsing an input stream anddistributing work units to the worker resources. In the example ofembodiment 900, the worker resources may be individual devices, but inother embodiments, the worker resources may be any resource used toprocess work units. In some cases, the worker resources may besub-device resources, such as processors, schedulers, threads, or otherobjects. In other cases, the worker resources may be multiple devicesacting together, such as clusters, managed services, or other resourcegroups.

In an administrative mode in block 1002, the various executionenvironments may be identified in block 1006. The execution environmentmay refer to any resource used for processing a work unit. In manycases, the execution environment may be a device, processor, or othercomputation worker.

For each execution environment in block 1008, an attempt may be made tocommunicate and authenticate the environment in block 1010. If theauthentication is not successful in block 1012, the environment may bemarked as unavailable in block 1014.

After successfully authenticating in block 1012, the configuration andavailability of the environment may be tested in block 1016. If theconfiguration and availability are not OK in block 1018, the environmentmay be marked as unavailable in block 1020. When the environment hassuccessfully authenticated in block 1012 and the configuration andavailability are OK in block 1018, the execution environment may bemarked as available in block 1022.

The process of blocks 1006-1022 may represent an administrative functionthat may be performed prior to distributing work to the variousexecution environment. In some cases, the process of blocks 1006-1022may be performed in parallel with the operational mode of block 1004. Insuch cases, the operations of the administrative mode may be an ongoingand repeated check of the various execution environments.

The operational mode of block 1004 may begin by receiving tracerconfiguration and load balancer configuration in block 1024.

The input stream may be received in block 1026. The input stream may beparsed in block 1028 to identify work items. For a given work item, adetermination may be made in block 1030 identifying a device to processthe work item. In some cases, a tracer configuration may be created inblock 1030 that defines any data collection parameters. Once thedetermination is made in block 1030, the work item may be transmitted tothe selected execution environment in block 1032. The process may returnto block 1026 to process the next work item.

FIG. 11 is a diagram illustration of an embodiment 1100 showing atracing as a service. Embodiment 1100 illustrates one configuration of asystem where a remote service 1104 may integrate with systems on acustomer premise 1102, where the remote service 1104 may provide aninstrumented execution environment to process workloads and generatetrace data.

A customer premise 1102 may execute an application under control of auser. The customer premise 1102 may be a physical premise, such as abuilding or business to which the user may have access. In some cases,the customer premise 1102 may include one or more computers that may beowned by and located at a third party's premise, but under the controlof the user. An example of such a system may be a cloud hosted executionsystem where a user may purchase computing resources. The resources maybe owned by a third party, but the user may control how those resourcesmay be deployed.

The remote service 1104 may receive work items and execute those workitems using an instrumented environment 1114. The instrumentedenvironment 1114 may have various hardware and software components thatmay capture various trace data while a work item executes. In somecases, the instrumented environment may include tools, measuringalgorithms, probes, and other components that may be difficult or costlyto install, manage, execute, or otherwise deploy.

Within the customer premise 1102, an application input stream 1106 maybe passed to a distributor 1108. The distributor 1108 may parse workitems from the input stream and pass the work items to various executionenvironments 1110. The output of the execution environments 1110 may beapplication output 1112.

The distributor 1108 may transfer some or all of the work items to aninstrumented environment 1114, which may be part of a remote service1104. In some cases, multiple instances of the instrumented environment1114 may be used.

A load generator 1128 may create test loads that may be injected intothe input stream 1106. The test loads may be data that may be processedby the instrumented environment 1114 to exercise an application. In manycases, the test loads may exercise an application in a morecomprehensive manner than a typical or random input stream. Such testloads may perform unit tests or other tests that may be designed toexercise various corner cases and conditions. In some cases, the testloads may subject an application to large loads that may stress theperformance of the system. Such test loads may help identify performancebottlenecks and measure overall throughput or response time during peakloading times.

The remote service 1104 may include an authentication, authorization,and accounting system 1116, which may manage various administrativeaspects of the remote service 1104. An administrative user interface maypermit a user to create an account, define a payment mechanism, andadminister the instrumented environments 1114.

An instrumentation marketplace 1122 may be a website or other interfacethrough which a user may browse preconfigured instrumented systems 1124and preconfigured load generators 1126. Each of the variouspreconfigured systems may be customized for specific types of datacollection. Some preconfigured systems may have additional features,algorithms, or capabilities that may not be available on otherpreconfigured systems. As such, some preconfigured systems may havedifferent cost structures than other preconfigured systems.

A user may be able to select a preconfigured instrumented system 1124and preconfigured load generator 1126 as a starting point forconfiguring a test regime for a given application. In some embodiments,a user may select a preconfigured system then add, remove, or editvarious settings to achieve a specific objective.

In some embodiments, a user may be able to save a preconfiguredinstrumented system in the instrumentation marketplace 1122 for reuse.In some such embodiments, a third party may be able to upload their owninstrumented system for sale in the instrumentation marketplace 1122.

FIG. 12 is a diagram of an embodiment 1200 showing a network environmentin which a remote service may provide instrumentation or tracing.Embodiment 1200 illustrates hardware and software components that mayimplement some of the operations described in embodiment 1100, as wellas other embodiments.

The diagram of FIG. 12 illustrates functional components of a system. Insome cases, the component may be a hardware component, a softwarecomponent, or a combination of hardware and software. Some of thecomponents may be application level software, while other components maybe execution environment level components. In some cases, the connectionof one component to another may be a close connection where two or morecomponents are operating on a single hardware platform. In other cases,the connections may be made over network connections spanning longdistances. Each embodiment may use different hardware, software, andinterconnection architectures to achieve the functions described.

Each of the various devices illustrated in embodiment 1200 may have ahardware platform. The respective hardware platforms may be similar tothe hardware platform 104 in embodiment 100. The devices may be any typeof hardware platform, such as a personal computer, server computer, gameconsole, tablet computer, mobile telephone, or any other device with aprogrammable processor.

Embodiment 1200 may illustrate an environment in which instrumentationsystems may be provided from a remote service, then added to thecomputational pipeline of a user's system. The instrumentation systemmay include load generators as well as data collectors which may operatein concert with a user's application to collect various data about theapplication during execution.

A user may interact with the remote service through an administrativeuser interface. The user may be able to perform various administrativetasks, such as establishing an account and a method for payment, as wellas to select and configure test components that may integrate into theuser's application. The remote service may include an instrumentationmarketplace in which a user may browse various preconfigured loadgenerators and preconfigured instrumented workers. Once selected, theuser may be able to configure or customize a component, then manage howthe component may be deployed.

A user's system may include a workload distributor 1202 and variousworkers 1212 connected within an internal network 1210. The workloaddistributor 1202 may receive units of work for an application, thendistribute the work units to various workers 1212. An example of such asystem may be a cluster work environment.

In the example of embodiment 1200, the user's system is illustrated asmultiple devices that each may contribute to the execution of a largeapplication. In other embodiments, the components may be deployed on asingle device.

The distributor 1202 may operate on a hardware platform 1204 that mayinclude a distributor 1206. The distributor 1206 may be a softwarecomponent that may receive an input stream, parse the input stream intowork units, then cause the work units to be executed on the variousworkers 1212.

The distributor 1202 may include a configuration 1207 which may includeboth load balancing and instrumentation objectives. The configuration1207 may also include information that may be used to distribute some orall of the work units to one or more instrumented workers 1222, whichmay execute the workloads and collect data about the execution.

An authentication system 1208 may enable the distributor 1202 toestablish trusted and, in some cases, secure communications with remotesystem components.

The workers 1212 may include a hardware platform 1214 and an executionenvironment 1216 that may execute the various work items. The workers1212 in embodiment 1200 may be connected to the distributor 1202 throughan internal network 1210. In many systems, connections within aninternal network 1210 may be considered trusted and secure because of afirewall 1218 and other security measures. As such, the workers 1212 maybe deployed without an authentication system.

The firewall 1218 may define a boundary between devices directly under auser's control and devices or services that may be provided by a thirdparty. In some embodiments, the various instrumentation components maybe available across an external network 1220, which may include theInternet. In many cases, the various remote services may be madeavailable to many different users.

A third party may provide load generation and instrumentation servicesto the user by establishing a connection with a distributor 1206 withinthe user's system.

The distributor 1206 may operate at a location in an application whereinstrumentation may be desired. In some cases, the distributor 1206 maybe a function call or other instruction that may be inserted into anapplication. Such an instruction may be added to a user's application bya programmer.

The instrumented workers 1222 may execute a portion of an application asdefined by the distributor 1206. The instrumented workers 1222 may havea hardware platform 1224 on which an execution environment 1226 mayexecute work units from the distributor 1206. While executing the workunit, a tracer 1228 may collect data, which may be analyzed by ananalyzer 1230. Not shown in embodiment 1200 may be a separate devicethat may collect and store trace data.

The instrumented workers 1222 may include an authentication system 1232,which may include a key 1234. The key 1234 may be any type of token,key, passphrase, or other item that may be used to authenticate theinstrumented worker 1222 to the authentication system 1208 on thedistributor 1202. In some cases, the key 1234 may be a set ofpubic/private encryption keys.

A load generator 1260 may be another instrumentation component that maybe configured and deployed as a remote service. The load generator 1260may generate artificial loads or other inputs that may be performed bythe application under test. In some cases, the load generator 1260 maycreate unit tests or other inputs that may exercise an application. Inother cases, the load generator 1260 may generate large loads that mayexercise an application to determine performance bottlenecks or otherlimits to performance.

The load generator 1260 may have a hardware platform 1262 with a loadgenerator 1264. A configuration 1266 may define how the load generator1264 may operate, including the type of data to generate along with thetiming, frequency, and other operational aspects.

An authentication system 1268 may authenticate the load generator 1260to the distributor 1202. The authentication system 1268 may include oneor more keys 1270 for communicating with the distributor 1202.

An administrative server 1236 may perform many of the setup,configuration, and management operations to deploy various instrumentedworkers 1222 and load generators 1260. The administrative server 1236 isillustrated as operating on a single hardware platform 1238, althoughother embodiments may deploy the various components on differentplatforms.

An administrative user interface 1240 may be a website, application, orother user interface through which a user may perform manyadministrative tasks. A user may establish an account and create variousauthentication components using an authentication and authorizationsystem 1242. A key generator 1246 and key database 1244 may respectivelycreate and store the various authentication keys that may be deployed tothe instrumentation components and the user's system.

An accounting system 1240 and payment system 1250 may be a mechanismthrough which a remote service may collect monies for operation. Theaccounting system 1240 may identify each usage of the variousinstrumentation components, and the payment system 1250 may transfermoney from the user to the service provider in exchange for the use ofthe system.

Many different payment schemes may be deployed to bill a user for theremote service. For example, a monthly subscription may pay for one ormore instrumented systems. In another example, the instrumented systems1222 and load generator 1260 may be billed on a processor cycle basis,per compute hour, per storage consumed, or other basis.

An instrumentation marketplace 1254 may be an interface through which auser may browse various preconfigured instrumented workers 1256 andpreconfigured load generator 1258. The user may then be able to selectand further configure a preconfigured component before deploying thecomponent.

FIG. 13 is a flowchart illustration of an embodiment 1300 showing amethod for configuring instrumentation systems. Embodiment 1300illustrates one example of a process of a user interacting with anadministrative server to configure, deploy, and manage instrumentationsystems.

Other embodiments may use different sequencing, additional or fewersteps, and different nomenclature or terminology to accomplish similarfunctions. In some embodiments, various operations or set of operationsmay be performed in parallel with other operations, either in asynchronous or asynchronous manner. The steps selected here were chosento illustrate some principles of operations in a simplified form.

Embodiment 1300 illustrates a method by which a user may set up anddeploy instrumentation systems. The instrumentation systems may beinstrumented worker devices, load generators, or other components.

A user may begin a session in block 1302, establish a user account inblock 1304, and establish a payment method in block 1306. The useraccount may allow the user to log in at a later time and add, remove,and edit the operation of the various instrumentation systems. Thepayment method may be the mechanism through which payment may be made toa third party that provides the instrumentation services.

The user may browse preconfigured instrumentation systems in block 1308.The preconfigured systems may have varying capabilities. For example,one instrumented execution environment may have performance monitoringcapabilities while another instrumented execution environment may haveprocess or call tracing capabilities. In another example, one loadgenerator may be configured for producing HTTP requests while anotherload generator may be configured for TCP/IP requests.

After selecting an instrumentation system in block 1310, data to becollected may be defined in block 1312, as well as various collectionparameters and logic in block 1314. The configuration variables definedin blocks 1312 and 1314 may be stored in block 1316 to enable aninstrumentation system to be deployed in block 1318.

The data to be collected in block 1312 may define specific parameters,types of parameters, or other information regarding data collection. Inthe case of a load generator, the parameters of block 1312 may definethe load to be produced, which may be coordinated with the datacollection performed by a corresponding instrumented executionenvironment.

The collection parameters and logic defined in block 1314 may define theconditions under which data may be collected. The conditions may beevents, parameter values, timeframe, sampling rates, or otherdefinitions that may define when data may be collected. In some cases,the conditions may be interpreted by a distributor to determine whichwork units to transmit to an instrumented execution environment.

After defining the data to be collected and when and how the data may becollected, the configuration may be stored in block 1316. In some cases,the stored configuration may be added as another preconfiguredinstrumented system in the instrumentation marketplace. Such a storagemay be made accessible to the public at large or may be restricted toonly the user who created the configuration.

The instrumented system may be deployed in block 1318 to interface witha user's system.

If another system is to be configured in block 1320, the process mayreturn to block 1308. Once all systems are deployed, a user may browseand view deployed systems in block 1322. The user may select a system inblock 1324 and, if the user wishes to make changes to the system inblock 1326, the process may return to block 1312.

FIG. 14 is a flowchart illustration of an embodiment 1400 showing amethod for deploying an instrumented system. Embodiment 1400 illustratesone example of the deployment of an instrumented system, such as may beperformed in block 1318 of embodiment 1300.

Other embodiments may use different sequencing, additional or fewersteps, and different nomenclature or terminology to accomplish similarfunctions. In some embodiments, various operations or set of operationsmay be performed in parallel with other operations, either in asynchronous or asynchronous manner. The steps selected here were chosento illustrate some principles of operations in a simplified form.

Embodiment 1400 may illustrate one example of a process that may beperformed to deploy an instrumented system. The instrumented system maybe a load generator, instrumented worker, or other component.

A configuration file for the instrumented system may be created in block1402, and the instrumented system may be instantiated in block 1404. Insome embodiments, each instrumented system may be a virtual machine orother component that may be instantiated and managed within a datacenterenvironment.

Authentication keys may be created for the system in block 1406 and thekeys may be transmitted to the system in block 1408. In blocks 1406 and1408, any protocols or other configuration may be performed to connectto a distributor or to an administrative system.

An attempt may be made in block 1410 to connect to a distributor on acustomer's system. If the connection is not successful in block 1412,the distributor may be installed and configured by identifying theinstrumentation point in block 1414 and adding the distributor to thecustomer system in block 1416. In many cases, a programmer may add afunction call or make other changes to the customer's application to addthe distributor. The distributor may be configured in block 1418 tocommunicate with the instrumented system. The process may proceed toblock 1420.

After the distributor is configured in block 1418 or there is success inconnecting in block 1412, the instrumentation system may be added to thedistributor as an available system in block 1420. The authenticationmechanism may be established in block 1422 and the system may startoperation in block 1424.

The foregoing description of the subject matter has been presented forpurposes of illustration and description. It is not intended to beexhaustive or to limit the subject matter to the precise form disclosed,and other modifications and variations may be possible in light of theabove teachings. The embodiment was chosen and described in order tobest explain the principles of the invention and its practicalapplication to thereby enable others skilled in the art to best utilizethe invention in various embodiments and various modifications as aresuited to the particular use contemplated. It is intended that theappended claims be construed to include other alternative embodimentsexcept insofar as limited by the prior art.

1. A method performed by a computer processor, said method comprising:receiving an input stream for an application, said application beingexecuted on a plurality of execution environments, said input streamcomprising work elements being discrete units of work for saidapplication; receiving a status from each of plurality of said executionenvironments, said status comprising availability to perform work;receiving a configuration definition defining conditions for executingsaid discrete units of work on said second execution environment, saidconfiguration definition comprising a load balancing objective and adata gathering objective; and parsing said input stream to identify saiddiscrete units of work, determining a first data gathering objective fora first work unit, and causing said first work unit to be executed on afirst execution environment with said first data gathering objective. 2.The method of claim 1 further comprising: transmitting said first datagathering objective to said first execution environment.
 3. The methodof claim 2 further comprising: determining a second data gatheringobjective for a second work unit, said second data gathering objective;determining that said plurality of execution environments are nearcapacity; changing said second data gathering objective to a limitedsecond data gathering objective; and causing said second work unit to beexecuted with said limited second data gathering objective.
 4. Themethod of claim 3, said second work unit being executed by said firstexecution environment.
 5. The method of claim 4, said first datagathering objective being different from said limited second datagathering objective.
 6. The method of claim 5 further comprising:transmitting a first authentication mechanism to said first executionenvironment.
 7. The method of claim 6 further comprising: receiving asecond authentication mechanism from said first execution environment.8. The method of claim 7 further comprising: said second authenticationmechanism being received as part of said status.
 9. The method of claim2 further comprising: determining a second data gathering objective fora second work unit, said second data gathering objective; determiningthat said plurality of execution environments have excess capacity;changing said second data gathering objective to an extensive seconddata gathering objective; and causing said second work unit to beexecuted with said extensive second data gathering objective.
 10. Themethod of claim 9, said second work unit being executed by said firstexecution environment.
 11. The method of claim 2 further comprising:causing said first work unit to be executed on a second executionenvironment with a second data gathering objective.
 12. The method ofclaim 11, said second data gathering objective being different from saidfirst data gathering objective.
 13. The method of claim 1 furthercomprising: determining that said first execution environment haspreconfigured data gathering capabilities that are within said firstdata gathering objective.
 14. The method of claim 13 further comprising:determining that a second execution environment does not have saidpreconfigured data gathering capabilities and determining that saidsecond execution environment will not execute said first work item. 15.The method of claim 14, said status for said first execution comprisingan indicator for said preconfigured data gathering capabilities.
 16. Themethod of claim 1, said configuration definition comprising a targetquality of service.
 17. A system comprising: a processor; a loadreceiver that receives an application workload to execute, saidapplication workload comprising work units; a worker status collectorthat receives status information from a plurality of executionenvironments; a distributor executing on said processor that: receives aconfiguration definition defining conditions for executing said discreteunits of work on said second execution environment, said configurationdefinition comprising a load balancing objective and a data gatheringobjective; parses said input stream to identify said discrete units ofwork; determines a first data gathering objective for a first work unit;and causes said first work unit to be executed on a first executionenvironment with said first data gathering objective.
 18. The system ofclaim 17, said distributor that further: transmits said first datagathering objective to said first execution environment.
 19. The systemof claim 18, said distributor that further: determines a second datagathering objective for a second work unit, said second data gatheringobjective; determines that said plurality of execution environments arenear capacity; changes said second data gathering objective to a limitedsecond data gathering objective; and causes said second work unit to beexecuted with said limited second data gathering objective.
 20. Thesystem of claim 19, said second work unit being executed by said firstexecution environment.
 21. The system of claim 20, said first datagathering objective being different from said limited second datagathering objective.
 22. The system of claim 21, said distributor thatfurther: transmits a first authentication mechanism to said firstexecution environment.
 23. The system of claim 22, said distributor thatfurther: receives a second authentication mechanism from said firstexecution environment.
 24. The system of claim 23, said secondauthentication mechanism being received as part of said status.
 25. Thesystem of claim 18, said distributor that further: determines a seconddata gathering objective for a second work unit, said second datagathering objective; determines that said plurality of executionenvironments have excess capacity; changes said second data gatheringobjective to an extensive second data gathering objective; and causessaid second work unit to be executed with said extensive second datagathering objective.
 26. The system of claim 25, said second work unitbeing executed by said first execution environment.
 27. The system ofclaim 18, said distributor that further: causes said first work unit tobe executed on a second execution environment with a second datagathering objective.
 28. The system of claim 27, said second datagathering objective being different from said first data gatheringobjective.
 29. The system of claim 17, said distributor that further:determines that said first execution environment has preconfigured datagathering capabilities that are within said first data gatheringobjective.
 30. The system of claim 29, said distributor that further:determines that a second execution environment does not have saidpreconfigured data gathering capabilities and determines that saidsecond execution environment will not execute said first work item. 31.The system of claim 30 said status for said first execution comprisingan indicator for said preconfigured data gathering capabilities.
 32. Thesystem of claim 17, said configuration definition comprising a targetquality of service.